f651a355186f0a728dbea32b18aeb46f_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

f651a355186f0a728dbea32b18aeb46f_JaffaCakes118
Size

1.1MB
MD5

f651a355186f0a728dbea32b18aeb46f
SHA1

77096c6d8b134b3195398697b2e20cefdfa73ebe
SHA256

7f12276867b2b253c48d1d65f8af27329db217bea17609ff8f9bf8ea63b14b66
SHA512

2d51d1af75e334528b09f5ec2c37e158317f982ed3c5c830ae79f5c3bf6883e976952ce00e3594a73e853cba87472643bba28ddd14bb476eaf7c1784630b8dc1
SSDEEP

24576:zeXZH5/2lTmDgY05p2DuIjm0IUmJ7jGcTP:zeXZH5WY6wyXxUmxqcTP

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
sample	upx

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
f651a355186f0a728dbea32b18aeb46f_JaffaCakes118

Files

f651a355186f0a728dbea32b18aeb46f_JaffaCakes118
.exe windows:6 windows x86 arch:x86

24bbe0bfaf1028355da5ace282104fb1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

vssvc.pdb

Imports

advapi32

GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
UnregisterTraceGuids
SetServiceStatus
RegisterServiceCtrlHandlerExW
StartServiceCtrlDispatcherW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAccessAllowedAce
InitializeAcl
RegCloseKey
RegSetValueExW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegEnumKeyExW
LookupAccountSidW
ConvertSidToStringSidW
GetLengthSid
FreeSid
AllocateAndInitializeSid
RegQueryInfoKeyW
RegEnumValueW
RegDeleteValueW
LookupAccountNameW
GetSidSubAuthorityCount
EqualDomainSid
IsValidSid
CreateWellKnownSid
AccessCheck
AdjustTokenPrivileges
LookupPrivilegeValueW
PrivilegeCheck
CheckTokenMembership
DuplicateToken
EqualSid
ConvertStringSidToSidW
AddAccessAllowedAceEx
AddAccessDeniedAceEx
GetAclInformation
GetAce
AddAce
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
CopySid
RegisterEventSourceW
ReportEventW
DeregisterEventSource
OpenThreadToken
OpenProcessToken
GetTokenInformation

kernel32

InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
GetLastError
EncodePointer
GetComputerNameW
GetComputerNameExW
GetVolumeInformationW
GetVolumePathNamesForVolumeNameW
GetModuleHandleW
GetTimeZoneInformation
SetErrorMode
GetDiskFreeSpaceW
InitializeCriticalSectionAndSpinCount
InterlockedCompareExchange
Sleep
EnterCriticalSection
LeaveCriticalSection
DefineDosDeviceW
ReadFile
CreateDirectoryW
SetFileAttributesW
GetEnvironmentVariableW
GetSystemWindowsDirectoryW
LoadLibraryW
GetProcAddress
CreateThread
FindFirstVolumeW
FindNextVolumeW
FindFirstFileW
FindNextFileW
ExpandEnvironmentStringsW
FindClose
FindVolumeClose
SetLastError
GetVersionExW
LoadLibraryExW
FormatMessageW
FreeLibrary
GetCurrentThread
MultiByteToWideChar
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
WriteFile
DeleteFileW
MoveFileExW
GetFileAttributesW
GetProcessHeap
HeapAlloc
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
GetStartupInfoW
InterlockedExchange
WaitForSingleObject
CloseHandle
SetWaitableTimer
CancelWaitableTimer
GetCurrentThreadId
SetEvent
CreateEventW
CreateWaitableTimerW
OpenThread
CompareStringW
GetCommandLineW
HeapSetInformation
LocalAlloc
GetVolumeNameForVolumeMountPointW
GetVolumePathNameW
GetSystemDirectoryW
LocalFree
ResetEvent
DeviceIoControl
CreateFileW
GetDriveTypeW
HeapFree
GetSystemTimeAsFileTime
GetTickCount64
FlushFileBuffers
GetOverlappedResult
SetThreadPriority
WaitForMultipleObjects
ResumeThread
DeleteVolumeMountPointW
RaiseException
lstrlenW
QueryDosDeviceW
SetVolumeMountPointW

user32

RegisterDeviceNotificationW
LoadStringW
UnregisterDeviceNotification

msvcrt

memset
_snwscanf_s
_wcsupr
strncmp
wcsnlen
_ultow_s
wcscpy_s
wcscat_s
swprintf_s
__CxxFrameHandler3
_purecall
_vsnwprintf
_CxxThrowException
_wcsicmp
free
_controlfp
_onexit
_lock
__dllonexit
_unlock
??1type_info@@UAE@XZ
_except_handler4_common
?terminate@@YAXXZ
wcschr
_vscwprintf
realloc
memmove
wcsncmp
_errno
_beginthreadex
memcpy
malloc
_wcsnicmp
wcsstr
qsort
??0exception@@QAE@ABQBD@Z
?what@exception@@UBEPBDXZ
wcstoul
wcsrchr
iswspace
__set_app_type
towupper
iswdigit
_vsnprintf
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
_wcslwr
memcpy_s
memmove_s
__p__fmode
__p__commode
__setusermatherr
_amsg_exit
_initterm
_wcmdln
exit
_XcptFilter
_exit
_cexit
__wgetmainargs
_callnewh
??0exception@@QAE@XZ

atl

ord16
ord23
ord17
ord20
ord30
ord32
ord58

ole32

CoRevertToSelf
CoImpersonateClient
CoDisconnectContext
CoCreateInstance
CoInitializeSecurity
CoInitializeEx
CoUninitialize
CoTaskMemFree
CoTaskMemAlloc
CoCreateGuid
CLSIDFromString
CoFreeUnusedLibraries
CoGetObjectContext
StringFromCLSID
CoSetProxyBlanket
CoTaskMemRealloc

shlwapi

SHDeleteKeyW

oleaut32

VariantClear
SysAllocStringLen
SysAllocString
SysFreeString
VariantChangeType
GetErrorInfo
VariantCopy
VariantInit
LoadRegTypeLi
SysStringLen

rpcrt4

I_RpcBindingInqLocalClientPID
UuidToStringW
RpcStringFreeW

ntdll

NtThawTransactions
NtFreezeTransactions
NtQueryVolumeInformationFile
RtlNtStatusToDosErrorNoTeb
NtOpenSymbolicLinkObject
NtQuerySymbolicLinkObject
RtlNtStatusToDosError
NtUnloadKey
NtLoadKey
NtAdjustPrivilegesToken
NtOpenProcessToken
NtOpenThreadToken
EtwTraceMessage
RtlFreeSid
RtlSetOwnerSecurityDescriptor
RtlLengthSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlCreateSecurityDescriptor
RtlAddAccessAllowedAceEx
NtClose
NtCreateSymbolicLinkObject
RtlInitUnicodeString
RtlCreateAcl
RtlLengthSid
RtlAllocateAndInitializeSid
NtSetSecurityObject
NtCreateKey
NtDeleteValueKey
NtQueryValueKey
NtSetValueKey
NtFreezeRegistry
NtThawRegistry
NtQuerySystemInformation
RtlFreeHeap
RtlAllocateHeap
NtOpenFile
RtlGUIDFromString
RtlFreeUnicodeString
RtlStringFromGUID
NtWaitForSingleObject
NtDeviceIoControlFile
NtCreateEvent
NtAllocateUuids
LdrGetProcedureAddress
RtlInitAnsiString
LdrGetDllHandle
NtResetEvent
RtlGetVersion
NtOpenKey
NtEnumerateKey
NtQueryKey
NtQueryAttributesFile
NtDeleteKey

vssapi

?CreateVssSnapshotSetDescription@@YGJU_GUID@@JPAPAVIVssSnapshotSetDescription@@@Z
?LoadVssSnapshotSetDescription@@YGJPBGPAPAVIVssSnapshotSetDescription@@U_GUID@@@Z
VssFreeSnapshotPropertiesInternal
CreateWriter
CreateWriterEx

netapi32

NetApiBufferFree
NetShareEnum
NetLocalGroupGetMembers
NetShareGetInfo
NetShareDel
NetShareAdd

clusapi

OpenCluster
ClusterResourceControl
GetClusterResourceState
CloseClusterResource
CloseCluster
OpenClusterResource
GetNodeClusterState

xolehlp

ord9
ord8

resutils

ResUtilEnumResourcesEx
ResUtilGetResourceName

setupapi

SetupDiGetDeviceInstallParamsW
SetupDiGetDeviceRegistryPropertyW
SetupDiEnumDeviceInfo
SetupDiSetClassInstallParamsW
SetupDiCallClassInstaller
SetupDiGetClassDevsW
SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailW
SetupDiDestroyDeviceInfoList
CM_Get_Parent

vsstrace

ord7
ord9
ord4
ord10
ord11
ord8
ord2
ord1
ord3
ord5
ord6

authz

AuthzReportSecurityEventFromParams
AuthzUnregisterSecurityEventSource
AuthzRegisterSecurityEventSource

virtdisk

GetStorageDependencyInformation

Sections

.text
Size: 900KB - Virtual size: 900KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

UPX0
Size: 144KB - Virtual size: 380KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

24bbe0bfaf1028355da5ace282104fb1

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

advapi32

kernel32

user32

msvcrt

atl

ole32

shlwapi

oleaut32

rpcrt4

ntdll

vssapi

netapi32

clusapi

xolehlp

resutils

setupapi

vsstrace

authz

virtdisk

Sections

.text Size: 900KB - Virtual size: 900KB

.data Size: 4KB - Virtual size: 5KB

.rsrc Size: 20KB - Virtual size: 19KB

.reloc Size: 75KB - Virtual size: 75KB

UPX0 Size: 144KB - Virtual size: 380KB

.text
Size: 900KB - Virtual size: 900KB

.data
Size: 4KB - Virtual size: 5KB

.rsrc
Size: 20KB - Virtual size: 19KB

.reloc
Size: 75KB - Virtual size: 75KB

UPX0
Size: 144KB - Virtual size: 380KB